SW.Blog

Monday, 11 May 2015

If you have implemented a SharePoint 2013 wiki page library for your company, you might agree with me that the recent and updated pages links are an unnecessary distraction to your users. Just because a page has been updated, that doesn't suddenly make it more important than any other content in the site. The problem is that Microsoft doesn't give us a supported way to remove these links.

So, we add a small piece of code. I like to have big bold commenting on anything I add so that I can easily spot it later on.

Thursday, 31 May 2012

First of all, you need to get yourself an Amazon Web Services account. You need to attach a credit card to the account but they won't charge you until you use something. If you choose to create a 'Micro' instance, which I'll cover in just a moment, you may indeed be able to host your website or blog for a whole year for free!

OK... so now you've got your account set up, lets get started...

1. Create your Instance (Virtual Server)

Open up your AWS Management Console and on the EC2 tab, we need to create an Instance. Select the region you'd like to host your website, and then select 'Launch Instance'.

Go with the 'Classic Wizard', and then you can get straight on choosing your preferred OS. I chose Amazon Linux (64-bit) for my server, which I assume is going to be more closely married to the EC2 service as a whole.

Once selected, your next option is to choose the Instance type you require. This is basically how much grunt you're going to need. For a small blog site or if you are just testing stuff out, you should be OK with a Micro instance, but for anything else you'll need to choose something more powerful.

All the remaining instance details can be left default, and you can add descriptive tags if you like. Next you need to create a key pair; this essentially works like a password to access your server. Just give it a name and click 'Create and Download your Key Pair', saving it in a safe place.

The final step is to create a security group, which is a set of firewall port rules. Name the group 'WordPress', add a description (I just repeated 'WordPress'), and then add the following Inbound rules:

Those rules deal with access for web traffic, terminal access and FTP. Finish up the wizard and in just a few moments you will see your server up and running under 'Instances'

2. Connect to your Instance

In the AWS Console select the running instance and, under 'Instance Actions', click 'Connect'. A Java based SSH client will open up and, once you've provided the path to the key file you saved earlier, you'll have a linux shell ready and we can get on with configuring the server.

First, lets install all the available updates. Type:sudo yum update

A lot of the commands in this article also require root access, so each time I connect to the instance I'll just run one command to elevate my permissions. Otherwise I would need to prefix everything with 'sudo'.

Most of the articles I found covering this suggested installing WordPress in a directory called 'blog' or 'site' or something similar within /var/www/html, however in this case I am going to install it directly into the root folder as I do not like having those extra bits in my website URL.

That last command will open the config file for view. You can scroll up and down with the cursor keys and if you press i on your keyboard it will go into edit mode. You need to edit the following lines:

When you are finished editing, you press Esc on your keyboard, and then type :wq and press enter to save the file and quit vi.

7. Assign an Elastic IP Address

One mistake I made in my early attempts was to rush on with configuring WordPress before I had assigned an Elastic IP address to the server in the AWS console. If you don't assign an Elastic IP, when you restart the server, its public DNS will change and your WordPress configuration will be broken. It's easy to fix, but can be avoided, so lets assign an Elastic IP so that we have a permanent address to work with:

In the AWS console, choose Elastic IPs and then 'Allocate New Address'. Once allocated, associate it with the server instance.

8. Configure WordPress

We are now ready to configure WordPress, so just put http://xxx.xxx.xxx.xxx (replacing with your Elastic IP address of course) into your web browser and that will trigger the WordPress configuration process:

It's simple, just give your website a name and set up an admin password and your site is ready!

9. Install an FTP Server

If you want to be able to easily update the files in your WordPress installation, then you'll need an FTP server.

Back in the SSH terminal, install the FTP server by typing:yum install vsftpd

That last command will open the config file for view. You can scroll up and down with the cursor keys and if you press i on your keyboard it will go into edit mode. You need to edit the following lines:

Disable anonymous access:anonymous_enable=NO

These next 6 lines will need to be added to the config file.Configure the FTP server for passive connections:

When you are finished editing, you press Esc on your keyboard, and then type :wq and press enter to save the file and quit vi.

Start the FTP service:service vsftpd start

Set the service to start automatically:chkconfig vsftpd on

10. Configure an FTP User

Add an FTP user, giving access only to the WordPress files and for additional security ensuring the user can not open a shell:useradd ftpuser -d /var/www/html -s /sbin/nologin

Set the password for ftpuser:passwd ftpuser

Set a strong password and make sure you document it!

To stop WordPress continually asking for your FTP login details every time you update a plugin or theme, edit the config file:cd /var/www/htmlvi wp-config.php

That last command will open the config file for view. You can scroll up and down with the cursor keys and if you press i on your keyboard it will go into edit mode. You need to add the following lines after the MySQL database settings:

Change the ownership of the files to 'ftpuser'. Because PHP runs in the identity of the file owner, this will ensure that WordPress can modify files as needed as well maintaining our own access and ensuring read-only access for everyone else:chown -R ftpuser /var/www/html

12. Back Up Your Instance

As always, we should take regular backups, and so with the initial build and configuration all complete, lets take an image of the server so that if something goes wrong in the future, we never have to go through this process again!

In the AWS console, select your server and then under Instance Actions, choose 'Stop'. Once the server has shut down, again under Instance Actions, choose 'Create Image':

Fill in the details, and then press 'Yes, Create'. Once complete, this will be available in the console under Images and Snapshots and you can use it to either roll back or create a new server.

When you start your instance up again, you might have to re-associate the Elastic IP, otherwise that's it...

Monday, 11 October 2010

I needed to deploy iTunes across a network and lock down some of the settings, and it turned out to be a little more complicated than a bunch of command line switches. It's not difficult, but there is little official documentation available so having completed the task here is a detailed methodology for anyone out there needing to do the same thing:

A. Preparation

1. First you are going to need Orca, which is included in the Windows Installer SDK. It's not installed by default, but once the SDK is installed you should be able to find orca.msi and install it. If you can't be bothered to go through all of that, I've uploaded a copy here.

2. Download the latest version of iTunes and save the installer into a folder that is accessible (read only) by all. I have a shared folder for all my group policy deployments so I'll just put it in there, in a \Apple\iTunes\Version sub-folder.

3. Extract the iTunes installer files using WinRAR and then delete the downloaded file, SetupAdmin.exe and AppleSoftwareUpdate.msi. The remaining five .msi files are required.

B. Transform the Installers

AppleApplicationSupport.msi does not require any modification, so I'll just move on to the other four files:

QuickTime.msi

4. Start Orca and open QuickTime.msi. Go to View -> Summary Information and remove all languages except for 1033. Click OK and then save over the original.

5. Go to Transform -> New Transform, and then make the following modifications:

- LaunchCondition -> NOT BNEWERPRODUCTISINSTALLED: Right click and drop this row.
- Property -> SCHEDULE_ASUW: Set the value to 0 (zero).
- Registry: Find the item that has QTTask.exe in the Component column and drop that row.
- Shortcut: Drop rows for QuickTimePlayer_Desktop, QuickTimeUninstaller, and QuickTimeReadMe.

Using the Group Policy Management tool, create a new Group Policy Object (GPO) and link it to the Organisational Unit that contains the target computers. In my case I only want iTunes to go to certain machines so I also filter the object by a security group of computers. You probably already have a structure for group policy deployment and I'm not going to cover that stuff here anyway, so I'll get straight to adding each installer to the GPO.

20. Right click and select New -> Package. Browse to your deployment share and select AppleApplicationSupport.msi. Leave 'assigned' selected as the deployment method and click OK to add it to the object.

21. Add another package but this time select QuickTime.msi. Select Advanced as the deployment method and click OK. After a few moments the Quicktime Properties panel will open. Go to the Modifications tab and select Add. Pick your QuickTime.mst file and press OK to finish.

22. Repeat step 21 for iTunes.msi, Bonjour.msi and AppleMobileDeviceSupport.msi, being sure to add the correct transform file for each package.

23. Reopen the iTunes package you created, and on the Deployment tab you can tick 'Uninstall this application when it falls out of scope of management'. This is just so that iTunes can easily be removed if necessary.

D. Lock Down Settings & Features

Apple provides a mechanism for locking down various parts of the software, including automatically checking for updates, parental controls and a few other things. This is all managed through a single registry key.

I prefer to use Group Policy Preferences for this sort thing so I have created a single registry entry in the same GPO that I am using to deploy the software. The correct location for this entry in the GPO is under Computer Configuration -> Preferences -> Windows Settings -> Registry.

24. You can add the registry key however you like, but if you are using Group Policy Preferences then create a New Registry Item and fill in the properties box with the following values:

25. The last thing we need to do is figure out that crucial registry key value. The table below shows all the options that are available to you. All you have to do is add together all the values for the ones you want and apply the total value:

Item

Value

kParentalFlags_Locked

1

kParentalFlags_DisablePodcasts

2

kParentalFlags_DisableMusicStore

4

kParentalFlags_DisableSharing

8

kParentalFlags_DisableExplicitContent

16

kParentalFlags_DisableRadio

32

kParentalFlags_RestrictMovieContent

64

kParentalFlags_RestrictTVShowContent

128

kParentalFlags_DisableCheckForUpdates

256

kParentalFlags_RestrictGames

512

kParentalFlags_DisableMiniStore

1024

kParentalFlags_DisableAutomaticDeviceSync

2048

kParentalFlags_DisableGetAlbumArtwork

4096

kParentalFlags_DisablePlugins

8192

kParentalFlags_DisableOpenStream

16384

kParentalFlags_DisableAppleTV

32768

kParentalFlags_DisableDeviceRegistration

65536

kParentalFlags_DisableDiagnostics

131072

kParentalFlags_AllowITunesUAccess

262144

kParentalFlags_RequireEncryptedBackups

524288

kParentalFlags_DisableHomeSharing

1048576

kParentalFlags_DisableCheckForAppUpdates

2097152

kParentalFlags_DisableCheckForDeviceUpdates

4194304

kParentalFlags_DisablePing

8388608

kParentalFlags_DisableFirstRunWelcomeWindow

16777216

I have including only the following controls:

- kParentalFlags_Locked: You must include this or users will be able to override your settings.
- kParentalFlags_DisableSharing
- kParentalFlags_DisableExplicitContent
- kParentalFlags_DisableHomeSharing
- kParentalFlags_DisableCheckForAppUpdates
- kParentalFlags_DisablePing
- kParentalFlags_DisableFirstRunWelcomeWindow

Saturday, 23 June 2007

We've been in Melbourne for over a month now and we've been going out a lot! We've been partying hard down here and have a got a pretty good grasp of the city, where all the cool stuff is, where's good to eat and drink, and what the night life is like. We're staying in Coburg, in the north of Melbourne, and the main road down to the city is peppered with cool bars and restaurants, notably one called 'Lentils as Anything' where you eat whatever you want and pay whatever you think it was worth - it's a great concept and the food is fantastic! There's tons of other good food around here: Lebanese, Italian, Afghan, Nepalese, Turkish, Indian, Greek, Thai, Chinese, Vietnamese... The list goes on and on and it's all right on our doorstep - now that can only be a good thing! I have yet to find a Burmese restaurant - its supposed to be a wonderful fusion of Indian and Oriental cooking :) If you know a good one... stick a comment on this blog!

On the night life side of things, we've been having a ball! We've been to illegal warehouse parties and legit club nights alike, we also went to see DJ Shadow play at The Forum which, aside from a rash of technical problems and London priced tickets, was pretty cool. He's definitely a very talented guy and it was great to see some live stuff once again. Check out the video I shot - it's hardly audiophile sound quality, my little camera simply not up the bass, but you get the general idea and if you know DJ Shadow you'll recognise the classic track!

We also went to see the Dalai Lama talk at a free event in a football stadium. 'His Holiness' was definitely a very chilled out guy and despite some fairly heavy topics he doesn't seem to take things too seriously, laughing and joking about quite a bit and the way he spoke and chuckled reminded me a lot of Yoda! It was a really interesting afternoon, and it feels quite special to have had the opportunity to see the Dalai Lama at all.

Overall, I like Melbourne a lot and we've both settled in pretty well. I don't much like the federal government out here: Their policies regarding immigration and indigenous people are blatantly discriminatory and even downright racist - they're a bunch of bloody Nazis. It's very disappointing to see that people will actually vote for such policies, in much the same way as it was disappointing to see Bush get a second term. I can only hope they get the boot in the coming elections.

Over the past few weeks I've been busy uploading loads more photos from our travels so far to my album on Zooomr, so if you haven't already had a look, then please do! They're not all great photos, but they tell a story.

Well, it doesn't feel much like 'travelling' any more, job hunting is taking up most of my time so I probably won't blog again for a little while. I will try to keep the photos and videos coming though, and please stay in touch.